<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width">
<meta name="theme-color" content="#222"><meta name="generator" content="Hexo 7.3.0">

  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next-haha.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next-haha.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next-haha.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">



<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/7.0.0/css/all.min.css" integrity="sha256-VHqXKFhhMxcpubYf9xiWdCiojEbY9NexQ4jh8AxbvcM=" crossorigin="anonymous">
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.1.1/animate.min.css" integrity="sha256-PR7ttpcvz8qrF57fur/yAx1qXMFJeJFiA6pSzWi0OIE=" crossorigin="anonymous">

<script class="next-config" data-name="main" type="application/json">{"hostname":"ming.theyan.gs","root":"/","images":"/images","scheme":"Pisces","darkmode":false,"version":"8.25.0","exturl":false,"sidebar":{"position":"left","width_expanded":320,"width_dual_column":240,"display":"post","padding":18,"offset":12},"hljswrap":true,"codeblock":{"theme":{"light":"default","dark":"stackoverflow-dark"},"prism":{"light":"prism","dark":"prism-dark"},"copy_button":{"enable":false,"style":null},"fold":{"enable":false,"height":500},"language":false},"bookmark":{"enable":true,"color":"#222","save":"auto"},"mediumzoom":false,"lazyload":false,"pangu":false,"comments":{"style":"tabs","active":null,"storage":true,"lazyload":false,"nav":null},"stickytabs":false,"motion":{"enable":true,"async":false,"duration":200,"transition":{"menu_item":"fadeInDown","post_block":"fadeIn","post_header":"fadeInDown","post_body":"fadeInDown","coll_header":"fadeInLeft","sidebar":"fadeInUp"}},"prism":false,"i18n":{"placeholder":"搜索...","empty":"没有找到任何搜索结果：${query}","hits_time":"找到 ${hits} 个搜索结果（用时 ${time} 毫秒）","hits":"找到 ${hits} 个搜索结果"},"path":"/search.xml","localsearch":{"enable":true,"top_n_per_article":1,"unescape":false,"preload":false,"trigger":"auto"}}</script><script src="/js/config.js" defer></script>

    <meta name="description" content="操作系统安装配置规范从事运维这么长时间，每到一个新公司，都会涉及到写标准化、规范化、流程化、制度化文档的工作，这里就整理了一份，但愿对大家有帮助。 操作系统选型以下都是推荐值，如果没有特殊的需求，请都按照以下推荐值来操作  实体机：首选 CentOS 7 系列的最新版，其次选 Ubuntu Server 的最新的 LTS 的 64 位版本，目前最新的是 18.04 阿里云：选 Aliyun Lin">
<meta property="og:type" content="article">
<meta property="og:title" content="服务器操作系统安装配置标准推荐">
<meta property="og:url" content="https://ming.theyan.gs/2019/09/%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E6%A0%87%E5%87%86%E6%8E%A8%E8%8D%90/index.html">
<meta property="og:site_name" content="运维烂笔头">
<meta property="og:description" content="操作系统安装配置规范从事运维这么长时间，每到一个新公司，都会涉及到写标准化、规范化、流程化、制度化文档的工作，这里就整理了一份，但愿对大家有帮助。 操作系统选型以下都是推荐值，如果没有特殊的需求，请都按照以下推荐值来操作  实体机：首选 CentOS 7 系列的最新版，其次选 Ubuntu Server 的最新的 LTS 的 64 位版本，目前最新的是 18.04 阿里云：选 Aliyun Lin">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2019-09-12T10:41:12.000Z">
<meta property="article:modified_time" content="2019-09-13T11:43:35.000Z">
<meta property="article:author" content="老杨">
<meta property="article:tag" content="Linux">
<meta property="article:tag" content="规范">
<meta property="article:tag" content="标准">
<meta property="article:tag" content="优化">
<meta name="twitter:card" content="summary">


<link rel="canonical" href="https://ming.theyan.gs/2019/09/%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E6%A0%87%E5%87%86%E6%8E%A8%E8%8D%90/">


<script class="next-config" data-name="page" type="application/json">{"sidebar":"","isHome":false,"isPost":true,"lang":"zh-CN","comments":true,"permalink":"https://ming.theyan.gs/2019/09/%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E6%A0%87%E5%87%86%E6%8E%A8%E8%8D%90/index.html","path":"2019/09/服务器操作系统安装配置标准推荐/index.html","title":"服务器操作系统安装配置标准推荐"}</script>

<script class="next-config" data-name="calendar" type="application/json">""</script>
<title>服务器操作系统安装配置标准推荐 | 运维烂笔头</title>
  
    <script async src="https://www.googletagmanager.com/gtag/js?id=UA-106574959-2"></script>
  <script class="next-config" data-name="google_analytics" type="application/json">{"tracking_id":"UA-106574959-2","only_pageview":false,"measure_protocol_api_secret":null}</script>
  <script src="/js/third-party/analytics/google-analytics.js" defer></script>

  <script src="/js/third-party/analytics/baidu-analytics.js" defer></script>
  <script async src="https://hm.baidu.com/hm.js?fdef9ded31bdb8b2dab08eddebdd5fed"></script>







  
  <script src="https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.1/anime.min.js" integrity="sha256-XL2inqUJaslATFnHdJOi9GfQ60on8Wx1C2H8DYiN1xY=" crossorigin="anonymous" defer></script>
<script src="/js/utils.js" defer></script><script src="/js/motion.js" defer></script><script src="/js/sidebar.js" defer></script><script src="/js/next-boot.js" defer></script><script src="/js/bookmark.js" defer></script>

  <script src="https://cdnjs.cloudflare.com/ajax/libs/hexo-generator-searchdb/1.5.0/search.js" integrity="sha256-xFC6PJ82SL9b3WkGjFavNiA9gm5z6UBxWPiu4CYjptg=" crossorigin="anonymous" defer></script>
<script src="/js/third-party/search/local-search.js" defer></script>







  




<!-- google adsense -->
<script data-ad-client="ca-pub-1045025618858716" async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>

  <noscript>
    <link rel="stylesheet" href="/css/noscript.css">
  </noscript>
<link rel="alternate" href="/atom.xml" title="运维烂笔头" type="application/atom+xml">
</head>

<body itemscope itemtype="http://schema.org/WebPage" class="use-motion">
  <div class="headband"></div>

  <main class="main">
    <div class="column">
      <header class="header" itemscope itemtype="http://schema.org/WPHeader"><div class="site-brand-container">
  <div class="site-nav-toggle">
    <div class="toggle" aria-label="切换导航栏" role="button">
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
        <span class="toggle-line"></span>
    </div>
  </div>

  <div class="site-meta">

    <a href="/" class="brand" rel="start">
      <i class="logo-line"></i>
      <p class="site-title">运维烂笔头</p>
      <i class="logo-line"></i>
    </a>
      <p class="site-subtitle" itemprop="description">一个 SA 老兵的工作日志</p>
  </div>

  <div class="site-nav-right">
    <div class="toggle popup-trigger" aria-label="搜索" role="button">
        <i class="fa fa-search fa-fw fa-lg"></i>
    </div>
  </div>
</div>



<nav class="site-nav">
  <ul class="main-menu menu"><li class="menu-item menu-item-projects"><a href="/projects" rel="section"><i class="fa fa-code fa-fw"></i>projects</a></li><li class="menu-item menu-item-home"><a href="/" rel="section"><i class="fa fa-home fa-fw"></i>首页</a></li><li class="menu-item menu-item-about"><a href="/about/" rel="section"><i class="fa fa-user fa-fw"></i>关于</a></li><li class="menu-item menu-item-tags"><a href="/tags/" rel="section"><i class="fa fa-tags fa-fw"></i>标签</a></li><li class="menu-item menu-item-categories"><a href="/categories/" rel="section"><i class="fa fa-th fa-fw"></i>分类</a></li><li class="menu-item menu-item-archives"><a href="/archives/" rel="section"><i class="fa fa-archive fa-fw"></i>归档</a></li><li class="menu-item menu-item-sitemap"><a href="/sitemap.xml" rel="section"><i class="fa fa-sitemap fa-fw"></i>站点地图</a></li><li class="menu-item menu-item-commonweal"><a href="/404/" rel="section"><i class="fa fa-heartbeat fa-fw"></i>公益 404</a></li>
      <li class="menu-item menu-item-search">
        <a role="button" class="popup-trigger"><i class="fa fa-search fa-fw"></i>搜索
        </a>
      </li>
  </ul>
</nav>



  <div class="search-pop-overlay">
    <div class="popup search-popup">
      <div class="search-header">
        <span class="search-icon">
          <i class="fa fa-search"></i>
        </span>
        <div class="search-input-container">
          <input autocomplete="off" autocapitalize="off" maxlength="80"
                placeholder="搜索..." spellcheck="false"
                type="search" class="search-input">
        </div>
        <span class="popup-btn-close" role="button">
          <i class="fa fa-times-circle"></i>
        </span>
      </div>
      <div class="search-result-container">
        <div class="search-result-icon">
          <i class="fa fa-spinner fa-pulse fa-5x"></i>
        </div>
      </div>
    </div>
  </div>

</header>
        
  
  <aside class="sidebar">

    <div class="sidebar-inner sidebar-nav-active sidebar-toc-active">
      <ul class="sidebar-nav">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <div class="sidebar-panel-container">
        <!--noindex-->
        <div class="post-toc-wrap sidebar-panel">
            <div class="post-toc animated"><ol class="nav"><li class="nav-item nav-level-1"><a class="nav-link" href="#%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E8%A7%84%E8%8C%83"><span class="nav-number">1.</span> <span class="nav-text">操作系统安装配置规范</span></a><ol class="nav-child"><li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E9%80%89%E5%9E%8B"><span class="nav-number">1.1.</span> <span class="nav-text">操作系统选型</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%AE%89%E8%A3%85"><span class="nav-number">1.2.</span> <span class="nav-text">操作系统安装</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#SWAP-%E5%8C%BA"><span class="nav-number">1.2.1.</span> <span class="nav-text">SWAP 区</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%85%AC%E7%BD%91%E5%9C%B0%E5%9D%80"><span class="nav-number">1.2.2.</span> <span class="nav-text">公网地址</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%AE%89%E5%85%A8%E7%BB%84"><span class="nav-number">1.2.3.</span> <span class="nav-text">安全组</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%95%B0%E6%8D%AE%E7%9B%98"><span class="nav-number">1.2.4.</span> <span class="nav-text">数据盘</span></a></li></ol></li><li class="nav-item nav-level-2"><a class="nav-link" href="#%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E9%85%8D%E7%BD%AE"><span class="nav-number">1.3.</span> <span class="nav-text">操作系统配置</span></a><ol class="nav-child"><li class="nav-item nav-level-3"><a class="nav-link" href="#%E4%B8%BB%E6%9C%BA%E5%90%8D"><span class="nav-number">1.3.1.</span> <span class="nav-text">主机名</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E7%94%A8%E6%88%B7%E5%92%8C%E7%BB%84"><span class="nav-number">1.3.2.</span> <span class="nav-text">用户和组</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#ssh-%E9%85%8D%E7%BD%AE"><span class="nav-number">1.3.3.</span> <span class="nav-text">ssh 配置</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#yum-%E9%85%8D%E7%BD%AE"><span class="nav-number">1.3.4.</span> <span class="nav-text">yum 配置</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#sudo-%E6%9D%83%E9%99%90"><span class="nav-number">1.3.5.</span> <span class="nav-text">sudo 权限</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#kernel-%E8%B0%83%E4%BC%98"><span class="nav-number">1.3.6.</span> <span class="nav-text">kernel 调优</span></a><ol class="nav-child"><li class="nav-item nav-level-4"><a class="nav-link" href="#disable-IPv6"><span class="nav-number">1.3.6.1.</span> <span class="nav-text">disable IPv6</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#NETWORK"><span class="nav-number">1.3.6.2.</span> <span class="nav-text">NETWORK</span></a></li><li class="nav-item nav-level-4"><a class="nav-link" href="#%E7%B3%BB%E7%BB%9F"><span class="nav-number">1.3.6.3.</span> <span class="nav-text">系统</span></a></li></ol></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E6%97%B6%E5%8C%BA%E9%85%8D%E7%BD%AE"><span class="nav-number">1.3.7.</span> <span class="nav-text">时区配置</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E8%87%AA%E5%90%AF%E5%8A%A8%E6%9C%8D%E5%8A%A1%E8%B0%83%E6%95%B4"><span class="nav-number">1.3.8.</span> <span class="nav-text">自启动服务调整</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#IPv6"><span class="nav-number">1.3.9.</span> <span class="nav-text">IPv6</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#disable-SELinux"><span class="nav-number">1.3.10.</span> <span class="nav-text">disable SELinux</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#%E5%AE%9A%E6%97%B6%E4%BB%BB%E5%8A%A1%EF%BC%88cron%EF%BC%89"><span class="nav-number">1.3.11.</span> <span class="nav-text">定时任务（cron）</span></a></li></ol></li></ol></li></ol></div>
        </div>
        <!--/noindex-->

        <div class="site-overview-wrap sidebar-panel">
          <div class="site-author animated" itemprop="author" itemscope itemtype="http://schema.org/Person">
  <p class="site-author-name" itemprop="name">老杨</p>
  <div class="site-description" itemprop="description">好记性比不过烂笔头</div>
</div>
<div class="site-state-wrap animated">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
        <a href="/archives/">
          <span class="site-state-item-count">114</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
      <div class="site-state-item site-state-categories">
          <a href="/categories/">
        <span class="site-state-item-count">8</span>
        <span class="site-state-item-name">分类</span></a>
      </div>
      <div class="site-state-item site-state-tags">
          <a href="/tags/">
        <span class="site-state-item-count">509</span>
        <span class="site-state-item-name">标签</span></a>
      </div>
  </nav>
</div>
  <div class="links-of-author animated">
      <span class="links-of-author-item">
        <a href="https://github.com/haw-haw" title="GitHub → https:&#x2F;&#x2F;github.com&#x2F;haw-haw" rel="noopener me" target="_blank"><i class="fab fa-github fa-fw"></i>GitHub</a>
      </span>
      <span class="links-of-author-item">
        <a href="mailto:blog@theyan.gs" title="E-Mail → mailto:blog@theyan.gs" rel="noopener me" target="_blank"><i class="fa fa-envelope fa-fw"></i>E-Mail</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://weibo.com/u/1494877243" title="Weibo → https:&#x2F;&#x2F;weibo.com&#x2F;u&#x2F;1494877243" rel="noopener me" target="_blank"><i class="fab fa-weibo fa-fw"></i>Weibo</a>
      </span>
      <span class="links-of-author-item">
        <a href="https://twitter.com/6fool" title="Twitter → https:&#x2F;&#x2F;twitter.com&#x2F;6fool" rel="noopener me" target="_blank"><i class="fab fa-twitter fa-fw"></i>Twitter</a>
      </span>
  </div>

        </div>
      </div>
    </div>

    
    <div class="sidebar-inner sidebar-blogroll">
      <div class="links-of-blogroll animated">
        <div class="links-of-blogroll-title"><i class="fa fa-globe fa-fw"></i>
          链接
        </div>
        <ul class="links-of-blogroll-list">
            <li class="links-of-blogroll-item">
              <a href="https://bad-pencil.github.io/" title="https:&#x2F;&#x2F;bad-pencil.github.io" rel="noopener" target="_blank">github 镜像站</a>
            </li>
            <li class="links-of-blogroll-item">
              <a href="https://hawhaw.gitee.io/" title="https:&#x2F;&#x2F;hawhaw.gitee.io" rel="noopener" target="_blank">gitee 镜像站</a>
            </li>
        </ul>
      </div>
    </div>
  </aside>


    </div>

    <div class="main-inner post posts-expand">


  


<div class="post-block">
  
  

  <article itemscope itemtype="http://schema.org/Article" class="post-content" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://ming.theyan.gs/2019/09/%E6%9C%8D%E5%8A%A1%E5%99%A8%E6%93%8D%E4%BD%9C%E7%B3%BB%E7%BB%9F%E5%AE%89%E8%A3%85%E9%85%8D%E7%BD%AE%E6%A0%87%E5%87%86%E6%8E%A8%E8%8D%90/index.html">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/avatar.gif">
      <meta itemprop="name" content="老杨">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="运维烂笔头">
      <meta itemprop="description" content="好记性比不过烂笔头">
    </span>

    <span hidden itemprop="post" itemscope itemtype="http://schema.org/CreativeWork">
      <meta itemprop="name" content="服务器操作系统安装配置标准推荐 | 运维烂笔头">
      <meta itemprop="description" content="">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          服务器操作系统安装配置标准推荐
        </h1>

        <div class="post-meta-container">
          <div class="post-meta">
    <span class="post-meta-item">
      <span class="post-meta-item-icon">
        <i class="far fa-calendar"></i>
      </span>
      <span class="post-meta-item-text">发表于</span>

      <time title="创建时间：2019-09-12 18:41:12" itemprop="dateCreated datePublished" datetime="2019-09-12T18:41:12+08:00">2019-09-12</time>
    </span>
    <span class="post-meta-item">
      <span class="post-meta-item-icon">
        <i class="far fa-calendar-check"></i>
      </span>
      <span class="post-meta-item-text">更新于</span>
      <time title="修改时间：2019-09-13 19:43:35" itemprop="dateModified" datetime="2019-09-13T19:43:35+08:00">2019-09-13</time>
    </span>

  
</div>

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody"><h1 id="操作系统安装配置规范"><a href="#操作系统安装配置规范" class="headerlink" title="操作系统安装配置规范"></a>操作系统安装配置规范</h1><p>从事运维这么长时间，每到一个新公司，都会涉及到写标准化、规范化、流程化、制度化文档的工作，这里就整理了一份，但愿对大家有帮助。</p>
<h2 id="操作系统选型"><a href="#操作系统选型" class="headerlink" title="操作系统选型"></a>操作系统选型</h2><p>以下都是推荐值，如果没有特殊的需求，请都按照以下推荐值来操作</p>
<ul>
<li>实体机：首选 CentOS 7 系列的最新版，其次选 Ubuntu Server 的最新的 LTS 的 64 位版本，目前最新的是 18.04</li>
<li>阿里云：选 Aliyun Linux 2 的最新版，当下是 2.1903；选 64 位版本</li>
<li>AWS：选 Amazon LInux 2 的最新版；选 64 位版本</li>
</ul>
<span id="more"></span>

<h2 id="操作系统安装"><a href="#操作系统安装" class="headerlink" title="操作系统安装"></a>操作系统安装</h2><h3 id="SWAP-区"><a href="#SWAP-区" class="headerlink" title="SWAP 区"></a>SWAP 区</h3><p>现在基本上云主机缺省都没有 SWAP 区。</p>
<p>建议：</p>
<ul>
<li>启用 SWAP 区，大小跟物理内存一样即可</li>
<li>在 kernel 参数里调低使用 SWAP 区的概率，详见 [[#10]]</li>
</ul>
<h3 id="公网地址"><a href="#公网地址" class="headerlink" title="公网地址"></a>公网地址</h3><ul>
<li>安装时不要选公网</li>
<li>如果需要公网<ul>
<li>安装完以后单独购买 EIP，并绑定过来（需要注意的是：可能需要提高可买 EIP 数量的限额）</li>
</ul>
</li>
</ul>
<h3 id="安全组"><a href="#安全组" class="headerlink" title="安全组"></a>安全组</h3><ul>
<li>如无特殊需求一定要勾选 sg-whitelist 安全组</li>
<li>如有公网登录管理需求请勾选 sg-ssh 安全组</li>
<li>跑 web 服务的服务器还要勾选 sg-web 安全组</li>
</ul>
<h3 id="数据盘"><a href="#数据盘" class="headerlink" title="数据盘"></a>数据盘</h3><ul>
<li>裸盘格式化成 ext4 文件系统</li>
<li>挂载到系统的 &#x2F;data 下</li>
<li>&#x2F;etc&#x2F;fstab 里用 UUID 取代设备名，dump 和 fsck 两个选项都用 0</li>
</ul>
<h2 id="操作系统配置"><a href="#操作系统配置" class="headerlink" title="操作系统配置"></a>操作系统配置</h2><h3 id="主机名"><a href="#主机名" class="headerlink" title="主机名"></a>主机名</h3><p>idc 名称-项目-角色-集群-节点</p>
<h3 id="用户和组"><a href="#用户和组" class="headerlink" title="用户和组"></a>用户和组</h3><ul>
<li>新建一个 sre 组</li>
<li>sre 组是运维团队所有成员及用户 deploy 的副组</li>
<li>每个运维团队成员都单独建一个账号并为每个成员部署自己的公钥</li>
<li>新建 deploy 用户</li>
<li>部署 deploy 用户的公钥（私钥在 {K77}，~&#x2F;.ssh&#x2F;authenticated_keys 文件里写公钥之前，写 from&#x3D;”10.254.1.201&#x2F;32 “，这里假设 10.254.1.201 是用 deploy 用户登录服务器的 IP 地址）</li>
</ul>
<h3 id="ssh-配置"><a href="#ssh-配置" class="headerlink" title="ssh 配置"></a>ssh 配置</h3><ul>
<li>禁止 root 直接登录</li>
<li>禁止非 root 用户密码登录</li>
<li>端口号改成 38522（三号楼 B 座 5 层 22 端口）</li>
</ul>
<h3 id="yum-配置"><a href="#yum-配置" class="headerlink" title="yum 配置"></a>yum 配置</h3><p>参见文档：[[|]]</p>
<h3 id="sudo-权限"><a href="#sudo-权限" class="headerlink" title="sudo 权限"></a>sudo 权限</h3><p>设置 sre 组有不需要密码用 root 身份执行所有命令的权限</p>
<h3 id="kernel-调优"><a href="#kernel-调优" class="headerlink" title="kernel 调优"></a>kernel 调优</h3><p>调优的一些 kernerl 参数，放在 &#x2F;etc&#x2F;sysctl.d&#x2F; 目录下的文件里</p>
<h4 id="disable-IPv6"><a href="#disable-IPv6" class="headerlink" title="disable IPv6"></a>disable IPv6</h4><p><code>cat /etc/sysctl.d/disableipv6.conf</code>，显示内容如下：</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">net.ipv6.conf.all.disable_ipv6 = 1</span><br><span class="line">net.ipv6.conf.default.disable_ipv6 = 1</span><br></pre></td></tr></table></figure>

<h4 id="NETWORK"><a href="#NETWORK" class="headerlink" title="NETWORK"></a>NETWORK</h4><p><code>cat /etc/sysctl.d/network.conf</code>，显示内容如下：</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br></pre></td><td class="code"><pre><span class="line"># 尽可能多的扩展本地端口使用范围</span><br><span class="line">net.ipv4.ip_local_port_range = 1025    65535</span><br><span class="line"># accept 队列（保存 ESTABLISHED 状态的连接队列）。</span><br><span class="line"># 队列长度为 min(net.core.somaxconn,backlog)，</span><br><span class="line"># syncookies 打开的情况下，不需要设置太大，但缺省的 128 实在有点小</span><br><span class="line">net.core.somaxconn = 2048</span><br><span class="line"># 半连接队列（保存SYN_RECV状态的队列）的长度，</span><br><span class="line"># syncookies 打开的情况下，不需要设置太大</span><br><span class="line">net.ipv4.tcp_max_syn_backlog = 2048</span><br></pre></td></tr></table></figure>

<h4 id="系统"><a href="#系统" class="headerlink" title="系统"></a>系统</h4><p><code>cat /etc/sysctl.d/os.conf</code>，显示内容如下：</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"># 尽可能少的使用 swap</span><br><span class="line">vm.swappiness = 10</span><br></pre></td></tr></table></figure>

<h3 id="时区配置"><a href="#时区配置" class="headerlink" title="时区配置"></a>时区配置</h3><p>Aliyun Linux 的话，不需要配置，直接就是好的。</p>
<p>否则：</p>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="built_in">cd</span> /etc</span><br><span class="line"><span class="built_in">mv</span> localtime localtime.bak</span><br><span class="line"><span class="built_in">ln</span> -s /usr/share/zoneinfo/Asia/Shanghai localtime</span><br></pre></td></tr></table></figure>

<h3 id="自启动服务调整"><a href="#自启动服务调整" class="headerlink" title="自启动服务调整"></a>自启动服务调整</h3><p>如下服务是建议取消随机自启动的：</p>
<ul>
<li>atd</li>
<li>aliyun（阿里云自带服务，建议干掉）</li>
<li>aegis（阿里云自带服务，建议干掉）</li>
</ul>
<p>参照如下代码，将不需要随机自启动的服务干掉：</p>
<a href="/2019/08/How%20to%20disable%20startup%20services%20from%20Aliyun/index.html" title="How to disable startup services from Aliyun">How to disable startup services from Aliyun</a>

<h3 id="IPv6"><a href="#IPv6" class="headerlink" title="IPv6"></a>IPv6</h3><p>参见 [[#kernel | kernel 调优]]部分</p>
<h3 id="disable-SELinux"><a href="#disable-SELinux" class="headerlink" title="disable SELinux"></a>disable SELinux</h3><p>Aliyun Linux 不用做，缺省就是 disable 的。</p>
<p>其他的，用如下代码：</p>
<a href="/2019/07/How%20to%20disable%20SELinux%20on%20CentOS%207.x/index.html" title="How to disable SELinux on CentOS 7.x in code">How to disable SELinux on CentOS 7.x in code</a>

<h3 id="定时任务（cron）"><a href="#定时任务（cron）" class="headerlink" title="定时任务（cron）"></a>定时任务（cron）</h3><p>定时任务的配置文件，按照具体情况不同，分别放到如下目录下：</p>
<ul>
<li>&#x2F;etc&#x2F;cron.monthly：用来放每月执行但不太关心具体执行时间的任务</li>
<li>&#x2F;etc&#x2F;cron.weekly：用来放每周执行但不关心具体执行时间的任务</li>
<li>&#x2F;etc&#x2F;cron.daily：用来放每天执行但不关心具体执行时间的任务</li>
<li>&#x2F;etc&#x2F;cron.hourly：用来放每小时执行但不关心具体执行时间的任务</li>
<li>&#x2F;etc&#x2F;cron.d：用来放不适合放如上四个目录的任务</li>
</ul>

    </div>

    
    
    

    <footer class="post-footer">
          <div class="reward-container">
  <div>请我一杯咖啡吧！</div>
  <button>
    赞赏
  </button>
  <div class="post-reward">
      <div>
        <img src="/images/wechat-reward.png" alt="老杨 微信">
        <span>微信</span>
      </div>
      <div>
        <img src="/images/alipay-reward.png" alt="老杨 支付宝">
        <span>支付宝</span>
      </div>

  </div>
</div>

          <div class="followme">
  <span>欢迎关注我的其它发布渠道</span>

  <div class="social-list">

      <div class="social-item">
          <a target="_blank" class="social-link" href="https://twitter.com/6fool">
            <span class="icon">
              <i class="fab fa-twitter"></i>
            </span>

            <span class="label">Twitter</span>
          </a>
      </div>

      <div class="social-item">
          <a target="_blank" class="social-link" href="/atom.xml">
            <span class="icon">
              <i class="fa fa-rss"></i>
            </span>

            <span class="label">RSS</span>
          </a>
      </div>
  </div>
</div>

          <div class="post-tags">
              <a href="/tags/Linux/" rel="tag"># Linux</a>
              <a href="/tags/%E8%A7%84%E8%8C%83/" rel="tag"># 规范</a>
              <a href="/tags/%E6%A0%87%E5%87%86/" rel="tag"># 标准</a>
              <a href="/tags/%E4%BC%98%E5%8C%96/" rel="tag"># 优化</a>
          </div>

        

          <div class="post-nav">
            <div class="post-nav-item">
                <a href="/2019/08/How%20to%20disable%20startup%20services%20from%20Aliyun/index.html" rel="prev" title="How to disable startup services from Aliyun">
                  <i class="fa fa-angle-left"></i> How to disable startup services from Aliyun
                </a>
            </div>
            <div class="post-nav-item">
                <a href="/2019/10/hexo-github_action-github_pages/index.html" rel="next" title="How to auto deploy Hexo site to GitHub pages via Github Actions">
                  How to auto deploy Hexo site to GitHub pages via Github Actions <i class="fa fa-angle-right"></i>
                </a>
            </div>
          </div>
    </footer>
  </article>
</div>






</div>
  </main>

  <footer class="footer">
    <div class="footer-inner">

  <div class="copyright">
    &copy; 
    <span itemprop="copyrightYear">2025</span>
    <span class="with-love">
      <i class="fa fa-heart"></i>
    </span>
    <span class="author" itemprop="copyrightHolder">老杨</span>
  </div>
  <div class="powered-by">由 <a href="https://hexo.io/" rel="noopener" target="_blank">Hexo</a> & <a href="https://theme-next.js.org/pisces/" rel="noopener" target="_blank">NexT.Pisces</a> 强力驱动
  </div>

    </div>
  </footer>

  
  <div class="toggle sidebar-toggle" role="button">
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
    <span class="toggle-line"></span>
  </div>
  <div class="sidebar-dimmer"></div>
  <div class="back-to-top" role="button" aria-label="返回顶部">
    <i class="fa fa-arrow-up fa-lg"></i>
    <span>0%</span>
  </div>
  <a role="button" class="book-mark-link book-mark-link-fixed"></a>

<noscript>
  <div class="noscript-warning">Theme NexT works best with JavaScript enabled</div>
</noscript>

</body>
</html>
